Re: Remote Desktop and Terminal Services by dw85745
dw85745
Sun Jul 16 17:17:06 CDT 2006
> Well, all I can say is that it is something installed on but not bundled
> with Win9x. ?? PcAnywhere, Vnc, or ???
Familiar with PcAnywhere but NOT installed my machine. Not familiar with
Vnc but ASSUME third party program similiar to PcAnywhere.
I do NOT have ANY third party software on machine for remote manipulation.
That's why I thing it must be part of his DLL. However using Dependency
Walker, Process Manager (Win Internals) and using several other programs I
could not ID a function that may do remote communication.
David
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:OIAr2MupGHA.2328@TK2MSFTNGP05.phx.gbl...
> Well, all I can say is that it is something installed on but not bundled
> with Win9x. ?? PcAnywhere, Vnc, or ???
>
> "dw85745" <dw85745_NOT@earthlink.net> wrote in message
> news:OKF1zrqpGHA.2400@TK2MSFTNGP03.phx.gbl...
> > not clear what you mean by "he was on my system"
> >
> > He requested to watch me while I stepped through (run with breakpoints)
my
> > program.
> > He then requested control and while I watched was able to use Explorer
to
> > go to the directory where his DLL was located in order to verify the
DLL
> > version/date.
> >
> > To me this is TOTAL control!!
> >
> > "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> > news:en3EE8opGHA.2292@TK2MSFTNGP05.phx.gbl...
> >> Of the three remoting technologies you mention only NetMeeting works
> >> on Win9x at least AFAIK. It is more likely that he leveraged a
> >> capability
> >> of the control or dll. It is not clear what you mean by "he was on my
> >> system", as for example you could have been seeing results from remote
> >> script execution thinking he had to have been logged in to effect that.
> >> As far as where to look you would need to ask in a Win9x group, or
> >> let someone else respond, as I have never used the DOS family OSs
> >> from Microsoft.
> >>
> >> "dw85745" <dw85745_NOT@earthlink.net> wrote in message
> >> news:%23uZiccnpGHA.4032@TK2MSFTNGP03.phx.gbl...
> >> > Thanks for response Roger.
> >> >
> >> > Confirmed my thoughts and Agree Upgrade is in order.
> >> >
> >> > Have looked inside both the DLL and ActiveX but nothing jumped
> >> > (function
> >> > name) out as being obvious. .
> >> >
> >> > What started this was during develop the head of IT asked for access
to
> > my
> >> > system. I granted one time access, called their website, responded
yes
> > to
> >> > a
> >> > prompt and he was immediately on my system. The only way I could
think
> > he
> >> > gained access was using either Remote Desktop (to my knowledge not
part
> > of
> >> > Win98), Terminal Services (again I don't believe part of Win98),
> >> > NetMeeting (possible but I'm not familiar with its usage) or code
> >> > within
> >> > his
> >> > DLL.
> >> >
> >> > Any ideas which and how I would locate (Registry entry, specific
dll's,
> > if
> >> > remote desktop, terminal services, or net meeting)?
> >> >
> >> > David
> >> >
> >> > "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> >> > news:usdJt8ipGHA.4932@TK2MSFTNGP05.phx.gbl...
> >> >> "dw85745" <dw85745_NOT@earthlink.net> wrote in message
> >> >> news:ewFdyigpGHA.4188@TK2MSFTNGP04.phx.gbl...
> >> >> >I have two programs I've written.
> >> >> >
> >> >> > Both programs maintain a link to independent vendor servers...
> >> >> >
> >> >> > Program 1 uses a DLL supplied by the server vendor.
> >> >> > Program 2 uses an ActiveX supplied by the server vendor.
> >> >> >
> >> >> > I still run Win98 (not SE) OS on the client machine which is
> > accessing
> >> > the
> >> >> > servers.
> >> >> > .
> >> >> > QUESTION:
> >> >> >
> >> >> > 1) Since I am using a vendor supplied DLL and ActiveX have I
given
> >> >> > them
> >> >> > remote access to my system ?
> >> >> >
> >> >> Any time one runs code supplied by another one is placing trust
> >> >> in the author of that code. If the code is allowed network access
> >> >> then that trust includes trust that nothing is being done via that
> >> >> network capability that is undisclosed. This is really not specific
> >> >> to dll or control or for that matter even Windows vs non-Windows.
> >> >>
> >> >>
> >> >> > 2) If so, is there a way to prevent them from doing file
> > manipulation,
> >> >> > screen capture, and screen scraping -- and if so, how?
> >> >> >
> >> >> No. It is inherently not possible to prevent an unknown from
> > happening.
> >> >> Further, you are attempting to protect something that is not
designed
> > to
> >> >> be protected/protectable (Windows 98)
> >> >>
> >> >> > 3) How do I check my system for RemoteDesk TerminalServices or
> >> > NetMeeting
> >> >> > for Security purposes. So far a scan of the registry for
"Remote",
> >> >> > Terminal" has not yielded a valid hit?
> >> >> >
> >> >> Similar to question 2. To find something you need to know for what
> >> >> you are looking, and how to look for that under any possible
disguise
> >> >> that might be used.
> >> >>
> >> >> If you are really worried, the best thing you could do would be to
> >> >> move to use of a support operating system that does have a security
> >> >> model within its design/implementation. For example, with XP the
> >> >> code you run that uses that vendor supplied code could be run
> >> >> within a specially defined limited user account, audit accesses made
> >> >> to parts of the system by that account, study the job/process thread
> >> >> tree of the code as it runs, monitor the network activity while that
> > code
> >> >> runs for communications with "other" IPs than the intended server(s)
> >> >> etc. Some of that you could do on Win 9x, some you could not.
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>